CVE-2023-5850: 
vulnerability analysis and mitigation

CVE-2023-5850 is a security vulnerability discovered in Google Chrome versions prior to 119.0.6045.105. The vulnerability involves incorrect security UI implementation in the Downloads feature that could allow a remote attacker to perform domain spoofing via a crafted domain name. This issue was reported by Mohit Raj (shadow2639) on December 22, 2021, and was assigned a Medium severity rating by Google Chrome's security team (Chrome Release).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, requires user interaction, has unchanged scope, and can impact integrity but not confidentiality or availability (NVD).

The vulnerability allows an attacker to perform domain spoofing through the Downloads feature of Google Chrome. This could potentially lead to users being misled about the origin of downloaded files, potentially facilitating social engineering attacks or malware distribution (Chrome Release).

The vulnerability has been patched in Google Chrome version 119.0.6045.105. Users and administrators are advised to update to this version or later to mitigate the risk. The fix has been incorporated into various Linux distributions including Debian, Fedora, and Gentoo through their respective security updates (Debian Advisory, Fedora Update).